We've just released FlowBAT v1.5.3, which adds support for Ubuntu 16 along with several minor bug fixes, performance enhancements, and installation script enhancements. You can download and install FlowBAT by following the instructions on our Installation page. If you run into any issues, please report them on our GitHub page.

We’re excited to announce the release of FlowBAT v1.3. This is a minor release containing new features, improvements to existing features, and bug fixes.

Update Process

FlowBAT 1.3 changes the manner in which the application is executed. Because of this, the easiest way to upgrade FlowBAT is to download the installation script from this page and reinstall the application.

If you have existing content (users, saved queries, etc) that you would like to save, you can complete the following process:

If FlowBAT isn't already running, cd to the FlowBAT project directory and start the Meteor dev instance so that you can take a copy of the database.

# meteor --port 1800 run --settings settings/dev.json "$@"

Create a safe place to copy the db.

# mkdir ~/fbdevbackup

Dump the db from the meteor dev instance of FlowBAT to ~/fbdevbackup

# mongodump -h 127.0.0.1 --port 1801 -d meteor -o ~/fbdevbackup

Kill all currently running meteor processes

# ps aux | grep meteor

# kill [pid]

Remove the old FlowBAT directory.

# rm -rf FLOWBATPATH

Install the new FlowBAT

# ./install_flowbat_ubuntu.sh

Check that it is running (the process list should include node main.js).

# ps aux | grep node

Remove the current prod database in the running node instance.

# mongo flowbat --eval "db.dropDatabase()"

Restore the dev backup to the prod node instance.

# mongorestore -h 127.0.0.1:27017 -d flowbat ~/fbdevbackup/meteor/

Manually remove backup DB and location (optional)

# rm -rf ~/fbdevbackup
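The procedure above drops the production database before restoring, so the dump is the only copy of your users and saved queries at that point. The following check is an added example, not part of the FlowBAT project: it assumes the standard mongodump layout (one .bson and one .metadata.json file per collection) and that the "users" collection must contain data; the sample collection name "queries" is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a mongodump directory before the destructive
# dropDatabase step. Assumes <dir>/<collection>.bson + <collection>.metadata.json.

verify_dump() {
    dump_dir=$1
    required=${2:-users}    # collection that must hold data (assumption)

    [ -d "$dump_dir" ] || { echo "missing dump directory: $dump_dir" >&2; return 1; }

    found=0
    for bson in "$dump_dir"/*.bson; do
        [ -e "$bson" ] || continue              # glob matched nothing
        found=$((found + 1))
        base=${bson%.bson}
        name=${base##*/}
        case $name in system.*) continue ;; esac   # system collections may lack metadata
        if [ ! -s "$base.metadata.json" ]; then
            echo "no metadata for collection: $name" >&2
            return 1
        fi
    done

    [ "$found" -gt 0 ] || { echo "no .bson files in $dump_dir" >&2; return 1; }
    [ -s "$dump_dir/$required.bson" ] || {
        echo "collection '$required' is missing or empty" >&2; return 1; }
    echo "ok: $found collection file(s) in $dump_dir"
}

# Constructed sample dump used only to exercise verify_dump (not real FlowBAT data).
make_sample_dump() {
    d=$(mktemp -d) || return 1
    printf 'x' > "$d/users.bson"
    printf '{"indexes":[]}' > "$d/users.metadata.json"
    : > "$d/queries.bson"                       # an empty collection dumps as 0 bytes
    printf '{"indexes":[]}' > "$d/queries.metadata.json"
    echo "$d"
}

# Intended use, between the mongodump and dropDatabase steps:
#   verify_dump ~/fbdevbackup/meteor || exit 1
```

Keep ~/fbdevbackup until you have logged in to the new instance and confirmed your accounts and saved queries are present.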

New Features

Multiple User Support: You can now add multiple user accounts to FlowBAT. New user accounts can be added by clicking your username at the top right of the screen and choosing the User Administration option.

When adding users, you can assign them a role as an analyst or an administrator. Analysts can access all areas of the application other than user administration and SiLK server configuration. Those areas are limited to users with the administrator role.

Byte Calculations: Previously, byte count fields were only shown as bytes. Now, byte counts are shown in larger units so they are easier to read. For example, 1024 bytes is now shown as 1 KB, 2014 kb is now shown as 1 MB, etc.

Country Code Support: Search results will now show country codes for IP addresses if a country code database is available. If you installed SiLK using the silkonabox.sh script, a database has been installed for you and should work automatically.

Service Controls: You can now start/stop/restart FlowBAT using standard service control commands. For example, in an Ubuntu installation you can use the following to start the application:

sudo service flowbat start

Bug Fixes and Other Enhancements

Upgraded code base to support Meteor 1.1.0.2

Default to installing country code pmap file which fixes country code bug

We’re excited to announce the release of FlowBAT v1.2. This is a minor release containing new features, improvements to existing features, and bug fixes.

New Features

Tuple Search: FlowBAT now allows users to filter data based on specific 5-tuple values, based on saved tuple files. These files are created similar to how lists are created. This is accomplished by selecting the “Tuple File” option in the main menu.

Once you’ve created a tuple file, you can reference it in the query builder by expanding the Additional Options section, shown here:

Tuple files can be referenced in the quick query area by using the --tuple-file option.

User Configurable Temp Directory: FlowBAT creates and stores temporary files when filtering flow data. Previously, these files were stored in the /tmp/ directory. Per request, we’ve added a configuration option that allows users to specify the global storage location for temporary RWF, RWS, and Tuple files. This option can be specified by accessing the SiLK server configuration screen and inputting a value into the Temporary Storage Directory input box. If no value is entered, the default location of /tmp/ will be used. You should ensure the directory you choose is writable by the FlowBAT application.

Save Quick Queries: When creating queries through the query builder interface, an option is now present to save the query for later use. This option can be found in the final query section of the query builder page.

Improvements

The navigation bar was modified to simplify the layout and increase screen real estate. This helps maximize the area used to perform data analysis while minimizing the area needed for basic navigation tasks.

Previously, when switching between the quick query screen and query builder, an existing query would auto-execute. This functionality has been modified to prevent auto-execution, which avoids interface slowness and wasted processing.

The version of the FlowBAT installation was added to a footer at the bottom of the screen to help users identify which version they are using.

Query builder fonts were modified to be more aesthetically pleasing.

The installation script now asks questions at the beginning instead of during the install process.

Additional output logging was added to the installation script to help troubleshoot installation issues.

Updating FlowBAT

To update FlowBAT, browse to the application directory and run “git pull”. FlowBAT will perform an in-place “hot” upgrade. No service restarts are required. If you run into issues updating, please contact support at support@flowbat.com.